 |
 |
On the topic of access constraints within databases, which I guess is well explored in the SQL world, I'm reminded of some work that Prof Wenfei Fan of Edinburgh did on security in XML databases (Fan, W., Geerts, F., Jia, X., & Kementsietsidis, A. (2006). SMOQE: A System for Providing Secure Access to XML. In VLDB 2006 (pp. 1227-1230). ACM. Retrieved from http://homepages.inf.ed.ac.uk/fgeerts/pdf/demovldb.pdf). As explained to me this also involved hiding parts of the XML schema as well as the data, while still presenting the database as a working whole... -- Chris Rusbridge Mobile: +44 791 7423828 Email: [log in to unmask] On 22 Sep 2010, at 22:23, Kevin Ashley wrote: > If my quick reading of it is correct, I think the one area where it doesn't > fit the NDAD model is that where the restriction applies to part of an object. > The X.812 model you refer to implies access decisions are made at the object > level and access is or is not granted to an object. Where the restriction is at > the level of a database cell or a rectangle of pixels on a page, this model > becomes expensive to apply (since you need to treat cells or pixels as objects > and ask for decisions about each of them.) We took the approach that at this > level, the ADF invokes the object access function but passes across information > which an embedded AEF interprets as it grants access to the object, blanking > out pixels, rows, columns, cells, segments of video, etc.